Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.
The vulnerability stems from improper input handling in the formWifiWpsOOB function, leading to a buffer overflow (CWE-787 β writing outside the intended memory area). An attacker can send a specially crafted network request that overwrites critical memory areas of the device. Due to the network vector (AV:N), lack of privilege requirements (PR:N), and user interaction requirements (UI:N), the exploit can be performed entirely remotely.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the device, and consequently take full control of the router, violate data confidentiality and integrity, and cause device unavailability.
Apply patches available from the manufacturer according to the references. If an update is not available, it is recommended to restrict access to the device's administrative interface only to trusted networks and disable WPS functionality if not required.
Tenda AC6 firmware version v15.03.05.16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac6
HWTendawszystkie wersjeTenda Ac6 Firmware
OSTenda15.03.05.16
Related vulnerabilities
Buffer Overflow w Tenda AC6 β funkcja formSetCfm
Auth Bypass + RCE w Tenda AC6 via HTTP (CVE-2025-27129)
Buffer overflow w Tenda AC6 β funkcja fromAddressNat
Buffer overflow w Tenda AC6 β funkcja formSetSpeedWan
Buffer overflow w Tenda AC6 β funkcja formexeCommand